gh0strat | fae171cd84451efb4937252f52ffe2b1_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fae171cd84451efb4937252f52ffe2b1_JaffaCakes118
Size

316KB
MD5

fae171cd84451efb4937252f52ffe2b1
SHA1

da6cc08b73604ead918b78b2dd0ff92a9d5ce9f7
SHA256

54c3d297bff6c1dfc52934152b424d19c44e8a3a6c40ebee0abcf3e658d19ca2
SHA512

b0f06e926f499a2eb280f7ccb77d6f51a6fd678b6ea10ac2ca16692a2fd2a5b511179568e348a370ab43245aef9c395a1667308a483ee499f78f8b25a4f68333
SSDEEP

6144:z6cPpODxCdS7eOUQ418/P676Go6FGwbqydWLTrSYTvCV+CP7fVc:zVcCEn6764FNdwDTvCVL7fi

Score

10^/10

gh0strat

Malware Config

Signatures

Gh0st RAT payload 1 IoCs

resource	yara_rule
sample	family_gh0strat

Gh0strat family
gh0strat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fae171cd84451efb4937252f52ffe2b1_JaffaCakes118

Files

fae171cd84451efb4937252f52ffe2b1_JaffaCakes118
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

RehhcSSDT
ServiceMain
winsafe

Sections

.textbss
Size: - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 307KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 997B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 110B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ